Skip to content

[JENKINS-72520] Http Request plugin Multipart form does not set boundaries for multipart #324

Description

@jenkins-infra-bot

I'm trying to POST an XML file (OWASP ZAP Report) to an external service (OWASP Defect Dojo), using a shared Jenkins library. A curl-command (see below) for POST-ing the XML file works fine. But I have a hard time translating that into Jenkins' Http Request plugin, so we can include it in a reusable Jenkins shared library.

This results in the following response:

 

Response Code: HTTP/1.1 400 Bad Request
Response: 
{"detail":"Multipart form parse error - Invalid boundary in multipart: None"} 

Is this a bug or am I missing something?

 

 

curl command:

 

curl -X 'POST' \
  'http::8080/api/v2/import-scan/' \
  -H 'accept: application/json' \
  -H 'Content-Type: multipart/form-data' \
  -H 'X-CSRFToken: ' \
  -H 'Authorization: Token ' \
  -F 'scan_date=2023-11-20' \
  -F 'minimum_severity=Info' \
  -F 'active=true' \
  -F 'verified=true' \
  -F 'scan_type=ZAP Scan' \
  -F 'file=@​zapreport.xml;type=text/xml' \
  -F 'product_name=Test project' \
  -F 'engagement_name=Test engagement' \
  -F 'close_old_findings=false' \
  -F 'close_old_findings_product_scope=false' \
  -F 'push_to_jira=false' \
  -F 'create_finding_groups_for_all_findings=true' 

 

 

Jenkins Groovy code:

ResponseContentSupplier response = steps.httpRequest url: "${env.DEFECT_DOJO_HOST_URL}${api}",
acceptType: 'APPLICATION_JSON',
contentType: 'APPLICATION_FORM_DATA',
httpMode: 'POST',
uploadFile: 'zapreport.xml',
multipartName: 'zapreport.xml',
customHeaders: customHeadersDummy(authHeader, headers), // Includes auth-token
formData: [[body: '''{
    "product_name": "Dummy project",
    "engagement_name": "Dummy Engagement",
    "scan_date": "2023-11-20",
    "minimum_severity": "Info",
    "active": "true",
    "verified": "true",
    "scan_type": "ZAP Scan",
    "close_old_findings": "false",
    "close_old_findings_product_scope": "false",
    "push_to_jira": "false",
    "create_finding_groups_for_all_findings": "true"
}''',
 contentType: 'text/xml',
 fileName: 'zapreport.xml',
 name: 'zapreport.xml',
 uploadFile: 'zapreport.xml']],
 consoleLogResponseBody: true,
responseHandle: 'NONE',
timeout: null
wrapAsMultipart: false 

 


Originally reported by brampat, imported from: Http Request plugin Multipart form does not set boundaries for multipart
  • assignee: janario
  • status: Open
  • priority: Blocker
  • component(s): http-request-plugin
  • resolution: Unresolved
  • votes: 0
  • watchers: 8
  • imported: 20260702-081740
Raw content of original issue

I'm trying to POST an XML file (OWASP ZAP Report) to an external service (OWASP Defect Dojo), using a shared Jenkins library. A curl-command (see below) for POST-ing the XML file works fine. But I have a hard time translating that into Jenkins' Http Request plugin, so we can include it in a reusable Jenkins shared library.

This results in the following response:

 

Response Code: HTTP/1.1 400 Bad Request
Response: 
{"detail":"Multipart form parse error - Invalid boundary in multipart: None"} 

Is this a bug or am I missing something?

 

 

curl command:

 

curl -X 'POST' \
  'http:<server>:8080/api/v2/import-scan/' \
  -H 'accept: application/json' \
  -H 'Content-Type: multipart/form-data' \
  -H 'X-CSRFToken: <token>' \
  -H 'Authorization: Token <token>' \
  -F 'scan_date=2023-11-20' \
  -F 'minimum_severity=Info' \
  -F 'active=true' \
  -F 'verified=true' \
  -F 'scan_type=ZAP Scan' \
  -F 'file=@zapreport.xml;type=text/xml' \
  -F 'product_name=Test project' \
  -F 'engagement_name=Test engagement' \
  -F 'close_old_findings=false' \
  -F 'close_old_findings_product_scope=false' \
  -F 'push_to_jira=false' \
  -F 'create_finding_groups_for_all_findings=true' 

 

 

Jenkins Groovy code:

        ResponseContentSupplier response = steps.httpRequest url: "${env.DEFECT_DOJO_HOST_URL}${api}",
                acceptType: 'APPLICATION_JSON',
                contentType: 'APPLICATION_FORM_DATA',
                httpMode: 'POST',
                uploadFile: 'zapreport.xml',
                multipartName: 'zapreport.xml',
                customHeaders: customHeadersDummy(authHeader, headers), // Includes auth-token
                formData: [[body: '''{
    "product_name": "Dummy project",
    "engagement_name": "Dummy Engagement",
    "scan_date": "2023-11-20",
    "minimum_severity": "Info",
    "active": "true",
    "verified": "true",
    "scan_type": "ZAP Scan",
    "close_old_findings": "false",
    "close_old_findings_product_scope": "false",
    "push_to_jira": "false",
    "create_finding_groups_for_all_findings": "true"
}''',
                 contentType: 'text/xml',
                 fileName: 'zapreport.xml',
                 name: 'zapreport.xml',
                 uploadFile: 'zapreport.xml']],
                 consoleLogResponseBody: true,
                responseHandle: 'NONE',
                timeout: null
                wrapAsMultipart: false 

 

  • environment: Jenkins 2.393

Metadata

Metadata

Assignees

No one assigned

    Type

    Fields

    No fields configured for Bug.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions